[13485] in Perl-Users-Digest
Perl-Users Digest, Issue: 895 Volume: 9
daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu Sep 23 23:07:27 1999
Date: Thu, 23 Sep 1999 20:05:09 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)
Message-Id: <938142309-v9-i895@ruby.oce.orst.edu>
Content-Type: text
Perl-Users Digest Thu, 23 Sep 1999 Volume: 9 Number: 895
Today's topics:
Re: (-d $filename) test <jeff@vpservices.com>
?? Search Engine Addresses for Submission ?? petrovitch@my-deja.com
Re: beauty of a Y2K bug <cassell@mail.cor.epa.gov>
Re: CONTEST: Range Searching (Yitzchak Scott-Thoennes)
Re: Getting the first occurence of a string (Larry Rosler)
Re: Grouping in REs, no doc found (Ilya Zakharevich)
Re: Grouping in REs, no doc found <ltl@rgsun5.viasystems.com>
Re: Grouping in REs, no doc found <rick.delaney@home.com>
Re: How to RLOGIN - try again (Martien Verbruggen)
Re: How to RLOGIN - try again (David Efflandt)
How to split one variable into two? (Tal Yarkoni)
Re: How to split one variable into two? <tex@engsoc.carleton.ca>
Re: I got thousands of CRACKS 'n SERIALS onlu for U !! <cassell@mail.cor.epa.gov>
Pass by reference <mortuno@iname.com>
Re: Pass by reference (Larry Rosler)
Re: Pass by reference <rick.delaney@home.com>
Re: Pass by reference <ltl@rgsun40.viasystems.com>
Re: Pass by reference (Martien Verbruggen)
Re: printf mask? (Neko)
Re: REQ: tell-a-friend script (J. Moreno)
Re: REQ: tell-a-friend script <sjs@yorku.ca>
Re: REQ: tell-a-friend script (J. Moreno)
Re: System call in windows (Eric Bohlman)
Re: taint/ENV{PATH}/pRPC <rootbeer@redcat.com>
Re: taint/ENV{PATH}/pRPC <rockie@apk.net>
Re: Using Perl to send mail in Windows <cassell@mail.cor.epa.gov>
Validating unsafe code? <newspost@coppit.orgDIESPAM>
Re: Validating unsafe code? (Martien Verbruggen)
Digest Administrivia (Last modified: 16 Sep 99) (Perl-Users-Digest Admin)
----------------------------------------------------------------------
Date: 23 Sep 1999 23:08:42 GMT
From: Jeff Zucker <jeff@vpservices.com>
Subject: Re: (-d $filename) test
Message-Id: <37EAB138.5F256060@vpservices.com>
Tom Christiansen wrote:
>
> In comp.lang.perl.misc,
> vasile@club-internet.fr writes:
> :lr@hpl.hp.com (Larry Rosler) wrote:
> :
> :>> >Ack! Don't *DO* that. Win32 can understand paths separated by '/' just
> :>> >as well.
> :>>
> :>> You mean Win32 Perl "understand ...", isn't it ?
> :>
> :>No. It means the Windows/DOS file systems understand ...
> :
> :I'm afraid it's not true...
>
> Yes, it is.
WHOAAA! Tom Christiansen agreed to a sentence that has the word
"windows" and the word "understand" in it!!!!!
> "If you understand what you're doing, you're not learning anything."
> -- Abraham Lincoln
Oh, now I get it. Windoze isn't learning anything.
--
Jeff
------------------------------
Date: Fri, 24 Sep 1999 02:50:41 GMT
From: petrovitch@my-deja.com
Subject: ?? Search Engine Addresses for Submission ??
Message-Id: <7seotu$7ub$1@nnrp1.deja.com>
I've written a script to submit and unlimited number of URLs to an
unlimited number of search engines, but I've only been able to find
about a dozen search engine addresses, i.e.,
"http://add-url.altavista.digital.com/cgi-bin/newurl?ad=1&q="
+ "&contact=" + contact + "&email=" + email;
Can anyone tell me where to find submissions strings for many of the
other search engines?
Sent via Deja.com http://www.deja.com/
Before you buy.
------------------------------
Date: Thu, 23 Sep 1999 17:11:09 -0700
From: David Cassell <cassell@mail.cor.epa.gov>
Subject: Re: beauty of a Y2K bug
Message-Id: <37EAC19D.EC799F75@mail.cor.epa.gov>
Michael Stevens wrote:
>
> On Thu, 23 Sep 1999 11:22:56 -0700, David Cassell <cassell@mail.cor.epa.gov> wrote:
> >Randal L. Schwartz wrote:
> >[snip of painfully-funny maldesigned code]
> >> And this stuff is all over. No telling how many scripts are available
> >> in those "free download" areas but not indexed by the spiders.
> >I think we'll be able to tell right around January 1 [or perhaps
> >Monday the 3rd], when all the users of those kludges come
> >crying to this ng for rescue. Maybe Jocelyn will keep count
> >for her next news article.
>
> It might be interesting to study this vaguely scientifically --
> keep an articles/day count for various programming groups, watch the
> rise after jan 1st, and see which language has the worst y2k problem
> (yes, it's not exactly statistically rigorous, but it should be
> amusing)
Well, if you want to do that, you'll have to change your
precept. It won't be the most problematic language, it will
be the language in which the most popular bad web scripts have
been written. I think Perl wins that dubious honor hands down.
I expect to see umpteen thousand complaints based on about 12
different programs, all of which have been disseminated to
hundreds or thousands of sites.
I also expect to see Matt Wright's name and/or program names
show up a large proportion of those times.
Hmmm. Maybe I'll take a break from this NG starting 12/29/99
for about two weeks. mrbog@my-deja.com can answer all those
questions in my stead. Okay?
David
--
David Cassell, OAO cassell@mail.cor.epa.gov
Senior computing specialist
mathematical statistician
------------------------------
Date: Thu, 23 Sep 1999 22:25:57 GMT
From: sthoenna@efn.org (Yitzchak Scott-Thoennes)
Subject: Re: CONTEST: Range Searching
Message-Id: <1jq63gzkgGmG092yn@efn.org>
In article <1dydrpz.aekm3dthae7uN@imac.loc>, kpreid@ibm.net (Kevin Reid) wrote:
>Yitzchak Scott-Thoennes <sthoenna@efn.org> wrote:
>>
>> Needs some work in this loop. If the pattern recurs within $opt_A
>> lines, you won't catch it.
>
>Uhh... in my tests, it handled it fine, showing the two matches in a
>contiguous chunk. Try turning on -m.
Hmmm. It failed for me:
[D:\]cat testdata
hello
there
this
is
a
test
looking
for
e[rs]
[D:\]perl kevinreid.pl -m -B 1 -A 4 /e[rs]/ testdata
---
hello
+ there
this
is
a
test
Test should be marked with a + and the remaining 3 lines in the file output.
------------------------------
Date: Thu, 23 Sep 1999 17:02:03 -0700
From: lr@hpl.hp.com (Larry Rosler)
Subject: Re: Getting the first occurence of a string
Message-Id: <MPG.12545f592cb443b8989fcf@nntp.hpl.hp.com>
In article <37EAA8D9.C19485B@ccrs.nrcanDOTgc.ca> on Thu, 23 Sep 1999
18:25:29 -0400, Tom Kralidis <tom.kralidis@ccrs.nrcanDOTgc.ca> says...
> Larry, how about this??
>
> $occurence_i_want = 1; # for first occurence.
> $occurance_counter=0;
>
> while (/^STATIM(.*)\b/gi)
> {
> $string = $1 if (++$occurance_counter == $occurence_i_want);
> }
No, that makes no sense at all, because the regex can't match more than
once in any case. See the leading '^'? I'm afraid that Tim Diller's
code isn't much use.
If you will never want to look past the first occurrence of a particular
string in the file (as indicated in your Subject), then simply omit all
that stuff. Going back to your original post:
while (<>) {
$string = $1, last if /^STATIM(.*)/;
}
> Furthermore, how can one assign each occurence to an array, then
> extracting values bewteen each interval?
You'll have o be more specific than that. I can't understand it, and
your example code doesn't help.
...
> Larry Rosler wrote:
<SNIP> of complete copy of post being responded to, including signature,
in the wrong place.
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: 23 Sep 1999 23:06:38 GMT
From: ilya@math.ohio-state.edu (Ilya Zakharevich)
Subject: Re: Grouping in REs, no doc found
Message-Id: <7sebpu$6pc$1@charm.magnus.acs.ohio-state.edu>
[A complimentary Cc of this posting was sent to lt lindley
<lee.lindley@viasystems.com>],
who wrote in article <7se0cf$7mt$1@rguxd.viasystems.com>:
> :>> :>The sad truth is that it leaves the value unchanged if the subpattern
> :>> :>didn't match, or if it matched only as part of an unsuccessful pattern
> :>> :>match.
> :>>
> :>> You are confusing "subpattern not matching" with "next regexp evaluation
> :>> not matching". They are 2 different events.
>
> :>Nope. There are still 4 or 5 known bugs in the REx engine, and the
> :>mentioned above behaviour is one of them (though it happens for
> :>"simple" groups only).
>
> Which mentioned above behavior is a bug? That $1 is not reset after
> an unsucessful match? If that is a bug it is a well documented one.
> (though it is a behavior for which I can't see a good reason.)
That $2 may be set by /a((b)c)?bd/ on "abd" (or something similar).
Ilya
------------------------------
Date: 23 Sep 1999 23:05:34 GMT
From: lt lindley <ltl@rgsun5.viasystems.com>
Subject: Re: Grouping in REs, no doc found
Message-Id: <7sebnu$a1h$1@rguxd.viasystems.com>
Rick Delaney <rick.delaney@home.com> wrote:
:>[posted & mailed]
:>> Which mentioned above behavior is a bug? That $1 is not reset after
:>> an unsucessful match?
:>No, that it is not always reset (think of \1 instead) *within* a
:>match-attempt when a failure causes the REx engine to backtrack or try
:>an alternative.
:>> A couple of examples would be nice.
:>Here's one:
:> print "ok\n" if "abcab" =~ /(\w)?(abc)\1b/;# prints ok
Ahh. I see. But if you make a "less simple" grouping, the bug
doesn't necessarily appear.
print "ok\n" if "abcab" =~ /(\w)?(abc)(\1b)/;
print "1is $1, 2is $2, 3is $3\n";
__END__
ok
1is a, 2is abc, 3is ab
# Yuck.
perl -e 'print "ok\n" if "abcab" =~ /((\w)?(abc)(\1b))/
print "1is $1, 2is $2, 3is $3, 4is $4\n";
__END__
1is , 2is , 3is 4is
# as expected.
Kind of shakes my faith a bit though. :-)
--
// Lee.Lindley /// Programmer shortage? What programmer shortage?
// @bigfoot.com /// Only *cheap* programmers are in short supply.
//////////////////// 50 cent beers are in short supply too.
------------------------------
Date: Fri, 24 Sep 1999 01:13:44 GMT
From: Rick Delaney <rick.delaney@home.com>
Subject: Re: Grouping in REs, no doc found
Message-Id: <37EAD045.16785300@home.com>
[posted & mailed]
lt lindley wrote:
>
> :> print "ok\n" if "abcab" =~ /(\w)?(abc)\1b/;# prints ok
>
> Ahh. I see. But if you make a "less simple" grouping, the bug
> doesn't necessarily appear.
Sometimes "more simple".
print "ok\n" if "abcab" =~ /(\w)?abc\1b/;# no match
--
Rick Delaney
rick.delaney@home.com
------------------------------
Date: Fri, 24 Sep 1999 01:15:18 GMT
From: mgjv@comdyn.com.au (Martien Verbruggen)
Subject: Re: How to RLOGIN - try again
Message-Id: <GgAG3.158$fQ3.3535@nsw.nnrp.telstra.net>
In article <37EAAE34.9C37C1ED@ti.com>,
Jerry Preston <g-preston1@ti.com> writes:
> From within my Perl program, I need to 'rlogin' to another server on my
> network with
> password and user id. Can you use system?
Maybe.
system('rlogin', @args);
will work, but maybe it doesn't do what you want. Maybe you need
backticks. I don't know. I don't know what you want to do, except
rlogin.
How are you going to interact with the rlogin?
Maybe you really want Net::Telnet
hard to tell.
Martien
--
Martien Verbruggen |
Interactive Media Division | Never hire a poor lawyer. Never buy
Commercial Dynamics Pty. Ltd. | from a rich salesperson.
NSW, Australia |
------------------------------
Date: 24 Sep 1999 01:24:15 GMT
From: efflandt@xnet.com (David Efflandt)
Subject: Re: How to RLOGIN - try again
Message-Id: <slrn7ulkm9.g8.efflandt@efflandt.xnet.com>
On Thu, 23 Sep 1999 17:48:21 -0500, Jerry Preston <g-preston1@ti.com> wrote:
>From within my Perl program, I need to 'rlogin' to another server on my
>network with
>password and user id. Can you use system?
Well, if it requires your username and password, you might as well use
Net::Telnet module. You also may be able to use rsh or rcp in `backticks`
or system() if you can get these to work without a password.
Note: I can rlogin to my Solaris ISP without a password, I can rlogin to
my RH Linux box at work without a password (PPP on same subnet), but
our remote Slackware Linux mailserver (different subnet on private WAN)
requests a password for rlogin. Maybe I messed up my .rhosts.
--
David Efflandt efflandt@xnet.com http://www.xnet.com/~efflandt/
http://www.de-srv.com/ http://cgi-help.virtualave.net/
http://thunder.prohosting.com/~cv-elgin/
------------------------------
Date: 24 Sep 1999 02:07:28 GMT
From: tyarkoni@chat.carleton.ca (Tal Yarkoni)
Subject: How to split one variable into two?
Message-Id: <7semd0$6qn$1@bertrand.ccs.carleton.ca>
This is a pretty straightforward question (I think)... I'm a beginner and
need to know how I can create two strings from one.. I don't mean
splitting the content of the variable; I mean creating two variables of
the same name plus something like 1 or 2 appended to the end... so for example
if i have a foreach loop going I'm aware I can define a new variable with
$$x (where
$x is any given key in the array).. that works fine. What I need though is
to split the resulting variable into 1 and 2... so let's say $x happens to
be "test"... how can I create two variables, $test1 and
$test2? Using $$x{"1"} works, but of course I'd rather have a variable
that ends with 1 than {"1"}. Can anyone please tell me what the proper syntax
is? Thanks.
------------------------------
Date: 24 Sep 1999 02:25:13 GMT
From: Clayton L. Scott <tex@engsoc.carleton.ca>
Subject: Re: How to split one variable into two?
Message-Id: <7sene9$su0$1@bertrand.ccs.carleton.ca>
You, yes you, Tal. Stop writing stuff like this:
: This is a pretty straightforward question (I think)... I'm a beginner and
: need to know how I can create two strings from one.. I don't mean
: splitting the content of the variable; I mean creating two variables of
: the same name plus something like 1 or 2 appended to the end... so for example
: if i have a foreach loop going I'm aware I can define a new variable with
What task are you trying to perform? I can see no reason to do
this the way you describe it. If you describe your real problem maybe
someone can help you come up with a better solution.
Clayton
--
Warning: Dates on calendar are closer than they appear.
------------------------------
Date: Thu, 23 Sep 1999 17:06:50 -0700
From: David Cassell <cassell@mail.cor.epa.gov>
Subject: Re: I got thousands of CRACKS 'n SERIALS onlu for U !!
Message-Id: <37EAC09A.CC88EDCD@mail.cor.epa.gov>
Dane Strom wrote:
>
> Pawan Bhati wrote:
> >
> > HEY FRIENDS
> > Your search for CRACKS 'n SERAILS comes to an end here.
> > I got about 45k serials & 30k cracks on my new server. If you want you can
> > have it all.
>
> So, er, anyone going to help this poor, innocent fool? (insert
> diabolical laugh)
Sure. Let's see. That many cracks on his server. Hmmm...
<quickly does math in head>
About 7 rolls of duct tape ought to be enough to patch over
all those cracks. And a damp washcloth for all the cereal
on the server. You think he needs to be told to turn off the
power first?
David
--
David Cassell, OAO cassell@mail.cor.epa.gov
Senior computing specialist
mathematical statistician
------------------------------
Date: Fri, 24 Sep 1999 03:31:25 +0200
From: Miguel Ortu~o <mortuno@iname.com>
Subject: Pass by reference
Message-Id: <37EAD46D.A903E996@iname.com>
Hello everybody
I Really think that learning Perl is hard: I have read up a couple of
tutorials, man perlsub, man perlref and man perlfaq7.
But I still donīt know whatīs wrong in something as simple as this:
@my_list = ( 1 , 2, 3);
print " @my_list \n";
&my_function( \@my_list);
sub my_function{
my @my_list=@$_[0];
print "arg 0: $_[0] \n";
print "the list: @my_list \n"; # doesnīt work!
}
Thanks in advance,
Miguel Ortuņo
------------------------------
Date: Thu, 23 Sep 1999 18:58:41 -0700
From: lr@hpl.hp.com (Larry Rosler)
Subject: Re: Pass by reference
Message-Id: <MPG.12547a9ffe6ae896989fd0@nntp.hpl.hp.com>
[Posted and a courtesy copy sent.]
In article <37EAD46D.A903E996@iname.com> on Fri, 24 Sep 1999 03:31:25
+0200, Miguel Ortu~o <mortuno@iname.com> says...
...
> @my_list = ( 1 , 2, 3);
> print " @my_list \n";
> &my_function( \@my_list);
>
>
> sub my_function{
> my @my_list=@$_[0];
my @my_list=@{$_[0]};
> print "arg 0: $_[0] \n";
> print "the list: @my_list \n"; # doesnīt work!
> }
The '-w' flag will help in situations such as this.
--
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com
------------------------------
Date: Fri, 24 Sep 1999 02:11:31 GMT
From: Rick Delaney <rick.delaney@home.com>
Subject: Re: Pass by reference
Message-Id: <37EADDD1.71B3B124@home.com>
[posted & mailed]
Miguel Ortu~o wrote:
>
> I Really think that learning Perl is hard: I have read up a couple of
> tutorials, man perlsub, man perlref and man perlfaq7.
Reread the section, "Using References" in perlref.
> sub my_function{
> my @my_list=@$_[0];
You want
my @my_list = @{ $_[0] };
--
Rick Delaney
rick.delaney@home.com
------------------------------
Date: 24 Sep 1999 02:18:12 GMT
From: lt lindley <ltl@rgsun40.viasystems.com>
Subject: Re: Pass by reference
Message-Id: <7sen14$ct8$1@rguxd.viasystems.com>
Miguel Ortu'o <mortuno@iname.com> wrote:
:>Hello everybody
:>I Really think that learning Perl is hard: I have read up a couple of
:>tutorials, man perlsub, man perlref and man perlfaq7.
Yes. It is hard. It is much easier to learn something like
javascript or visual basic. They don't give you nearly as much
power to shoot yourself in the foot (nor shoot down the problems
either, but ...).
But you've already learned parts of Perl and the other parts get
easier as you go. Reading those documents (well, you probably need
to read them again a few more times) is a good start.
:>But I still don't know what's wrong in something as simple as this:
What are those chars above? Is this some kind of PoB affect?
My newsreader won't even let me post this until I fix them
:>@my_list = ( 1 , 2, 3);
:>print " @my_list \n";
:>&my_function( \@my_list);
:>sub my_function{
:> my @my_list=@$_[0];
:> print "arg 0: $_[0] \n";
:> print "the list: @my_list \n"; # doesn't work!
my $list_ref = $_[0];
print "arg 0 is a reference to an array: $_[0]\n";
print "the list: @$list_ref\n"; #or @{ $list_ref }
print "first element of the list: $list_ref->[0]\n";
:>}
Keep reading perlref. Actually, try "perldoc perlreftut".
--
// Lee.Lindley Go Hokies!
// @bigfoot.com
////////////////////
------------------------------
Date: Fri, 24 Sep 1999 02:33:47 GMT
From: mgjv@comdyn.com.au (Martien Verbruggen)
Subject: Re: Pass by reference
Message-Id: <fqBG3.208$fQ3.4745@nsw.nnrp.telstra.net>
In article <37EAD46D.A903E996@iname.com>,
Miguel Ortu~o <mortuno@iname.com> writes:
> I Really think that learning Perl is hard: I have read up a couple of
> tutorials, man perlsub, man perlref and man perlfaq7.
> But I still donīt know whatīs wrong in something as simple as this:
general advice: use the -w flag to perl, and always use the 'strict'
pragma. They will be a tremendous help in finding problems.
> @my_list = ( 1 , 2, 3);
> print " @my_list \n";
> &my_function( \@my_list);
Here you pass a reference to an array into the sub my_function. (and
you don't really need the &. Read perlsub documentation to find out
why not)
> sub my_function{
> my @my_list=@$_[0];
If you want to work with the original array, you need to get the
reference you just passed in, and store it in a variable. You're
trying to copy the original array into a local array, and you're doing
it slightly wrong. A copy would be:
my @my_list = @{$_[0]};
But you can't modify the original array this way, which I believe
would be what you want, otherwise you wouldn't be passing by
reference. So what you want is:
my $ref = $_[0];
or
my $ref = shift;
BTW: the name @my_list is confusing. It is not a list, but an array.
They're very different beasts.
Here's some code to help you understand what's going on. Read the
perlsub documentation as well as the perlref documentation as well.
#!/usr/local/bin/perl -w
use strict;
my @ar = ( 1, 2, 3);
print "@ar\n";
# Only if you need to change the array itself:
f1(\@ar);
print "f1: @ar\n";
sub f1
{
my $r = shift;
$r->[0] = 'one';
$r->[3] = '4';
push @$r, '5';
}
# If you only need to change the elements (perl passes list elements
# by reference), you don't need to pass the array by reference
f2(@ar);
print "f2: @ar\n";
sub f2
{
# This will change the element 0 of the passed in array
# You can't make a local copy of @_ and modify that. The
# references to the original elements live in @_, so you have to
# use that
$_[0] = '0';
# however, this will _not_ change the original array itself, it
# changes the local copy of @_ only
push @_, '6';
}
# and this is what happens if you copy, nothing.
# You only change the local array, and only change copies of the passed
# in array elements
f3(\@ar);
print "f3: @ar\n";
sub f3
{
my @ar = @{$_[0]};
$ar[0] = 'something else';
push @ar, 'last';
}
OUTPUT:
1 2 3
f1: one 2 3 4 5
f2: 0 2 3 4 5
f3: 0 2 3 4 5
Martien
--
Martien Verbruggen |
Interactive Media Division | This matter is best disposed of from a
Commercial Dynamics Pty. Ltd. | great height, over water.
NSW, Australia |
------------------------------
Date: Fri, 24 Sep 1999 00:05:25 GMT
From: tgy@chocobo.org (Neko)
Subject: Re: printf mask?
Message-Id: <37ebbeeb.238698076@news.supernews.com>
On Wed, 22 Sep 1999 23:27:40 -0700, lr@hpl.hp.com (Larry Rosler) wrote:
>timethese(1 << (shift || 0), {
> jp => sub { map $hexbits{$_}, split //, $hexstring },
> lr => sub { unpack 'B*' => pack 'C*' =>
> map hex, $hexstring =~ /(..)/g },
>});
This just glues Kragen's pack to Larry's unpack:
print unpack 'B*' => pack 'H*' => $hexstring;
--
Neko | tgy@chocobo.org | Will hack Perl for a moogle stuffy! =^.^=
------------------------------
Date: Thu, 23 Sep 1999 21:19:11 -0400
From: planb@newsreaders.com (J. Moreno)
Subject: Re: REQ: tell-a-friend script
Message-Id: <1dyls69.yr9pymr08zf4N@roxboro0-0057.dyn.interpath.net>
Tom Christiansen <tchrist@mox.perl.com> wrote:
> planb@newsreaders.com (J. Moreno) writes:
>
> :> I repeat: you're wrong. In fact, you're verging on being full of it.
> :Opinionated for sure, but full of it?
>
> You're wrong. Larry misspelled nothing. Everything was completely
> intenional. And saying otherwise is pure flaming bullshit.
I didn't say it wasn't intentional, it's still a typo.
> I don't expect you to back down or apologize. I do expect you
> to find your way into many people's killfiles.
"I'm sorry that I find 'elsif' a completely silly idea, and think that
'elseif' would have been a much better choice".
--
John Moreno
------------------------------
Date: 23 Sep 1999 22:00:38 -0500
From: Steven Smolinski <sjs@yorku.ca>
Subject: Re: REQ: tell-a-friend script
Message-Id: <m3r9jpnhd5.fsf@hank.yorku.ca>
planb@newsreaders.com (J. Moreno) writes:
> I didn't say it wasn't intentional, it's still a typo.
Now you're not even speaking English.
That's not a star! It's the sun!
Steve
------------------------------
Date: Thu, 23 Sep 1999 22:42:09 -0400
From: planb@newsreaders.com (J. Moreno)
Subject: Re: REQ: tell-a-friend script
Message-Id: <1dylw2v.16knnw6u0bcw0N@roxboro0-0057.dyn.interpath.net>
Steven Smolinski <sjs@yorku.ca> wrote:
> planb@newsreaders.com (J. Moreno) writes:
>
> > I didn't say it wasn't intentional, it's still a typo.
>
> Now you're not even speaking English.
>
> That's not a star! It's the sun!
Rather the reverse.
My exact statement was "Uhm, elsif may be correct perl, but it's still a
typo". Which I think is clear enough, it's what was chosen, but it was
(IMO) a bad choice.
--
John Moreno
------------------------------
Date: 23 Sep 1999 23:40:35 GMT
From: ebohlman@netcom.com (Eric Bohlman)
Subject: Re: System call in windows
Message-Id: <7sedpj$s44@dfw-ixnews6.ix.netcom.com>
Michael Stevens (mstevens@ashre.demon.co.uk) wrote:
: On unix systems, 'system' blocks until the process started by it
: returns. However, if the process it starts forks and exits, system
: will return, as the process you started exited, even though
: there is still a subprocess present.
:
: I'm guessing explorer is doing something similar to allow for
: people starting it in dos shell sessions under windows. If this is
: the case, you can't achieve it easily, although one of the people
: here may be able to come up with something.
Win32 shells (well, at least the ones in 95 and 98) have a built-in
command called "start" that creates a new process and exits. If given
the name of something other than an executable, it will consult the file
associations and start a process with the appropriate executable.
system("start $url"); # brings up whatever Web browser is set as the default
system('start notepad temp.txt'); #brings up Notepad and returns immediately
------------------------------
Date: Thu, 23 Sep 1999 17:11:00 -0700
From: Tom Phoenix <rootbeer@redcat.com>
Subject: Re: taint/ENV{PATH}/pRPC
Message-Id: <Pine.GSO.4.10.9909231709390.26916-100000@user2.teleport.com>
On Thu, 23 Sep 1999, R. Brockway wrote:
> but it bombs out on the actual `grep $username /etc/passwd`.
And when it "bombs out", do you find its dying words listed in the
perldiag manpage? Cheers!
--
Tom Phoenix Perl Training and Hacking Esperanto
Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 23 Sep 1999 22:09:23 -0300
From: "R. Brockway" <rockie@apk.net>
Subject: Re: taint/ENV{PATH}/pRPC
Message-Id: <37EACF43.4F4FD626@apk.net>
The client side array isn't bringing back the actual error from the
server (another thing i need to figure out), which is obviously
hindering my actually typing perldoc perldiag, or even blasting through
the Camel book, chapter 9. thanks. in the meantime, i need to figure out
how to make my return value of the result of the system call NOT
tainted, which is the real problem. So far, after looking through
perldoc perlsec
(http://www.perl.com/pub/doc/manual/html/pod/perlsec.html) i have some
ideas in general as to what direction i need to go to get that value NOT
tainted, but have had no success so far. any ideas again are
appreciated. thanks.
-rockie
Tom Phoenix wrote:
> On Thu, 23 Sep 1999, R. Brockway wrote:
>
> > but it bombs out on the actual `grep $username /etc/passwd`.
>
> And when it "bombs out", do you find its dying words listed in the
> perldiag manpage? Cheers!
>
> --
> Tom Phoenix Perl Training and Hacking Esperanto
> Randal Schwartz Case: http://www.rahul.net/jeffrey/ovs/
------------------------------
Date: Thu, 23 Sep 1999 17:16:29 -0700
From: David Cassell <cassell@mail.cor.epa.gov>
Subject: Re: Using Perl to send mail in Windows
Message-Id: <37EAC2DD.51A3E5B6@mail.cor.epa.gov>
ldh7@my-deja.com wrote:
>
> I am currently working on a project where I am
> trying to send email from a server running on
> Windows 98 and/or Windows NT. I would like to
> use Perl 5.0 to send the mail; however, I am
> having a bit of difficulty in creating the proper
> program. I tried using "Blat" but I could not
> get my code to work properly. However, I would
> prefer just to use the "sendmail" feature of
> Windows with Perl script rather than an external
> product such as "Blat".
You can't 'use the sendmail feature of Windows' unless your
system has sendmail on it, can you? Most Win32 systems don't.
But you can use Mail::Mailer on a win32 system, just
as you can on a unix box. It's part of the MailTools
module. And it needs the libnet bundle in order to
run, since it uses Net::SMTP .
HTH,
David
--
David Cassell, OAO cassell@mail.cor.epa.gov
Senior computing specialist
mathematical statistician
------------------------------
Date: Thu, 23 Sep 1999 20:08:17 -0400
From: David Coppit <newspost@coppit.orgDIESPAM>
Subject: Validating unsafe code?
Message-Id: <Pine.GSO.4.10.9909231947240.2790-100000@mamba.cs.Virginia.EDU>
I'm sure this is a common problem, but I can't seem to find any good
references on Deja.com... (Ick. I liked DejaNews much better...) Taint
checking doesn't seem to be what I need, but perhaps I'm not understanding it
correctly.
Basically, I'm trying to validate Perl modules that people send me, to make
sure that they are well-formed and don't contain any dangerous commands that
would nuke an unsuspecting user's machine.
I don't need a perfect method, but at least one that can raise flags, and
doesn't have any false negatives. If false negatives are impossible to avoid,
at least this will help me when I do a manual inspection of the code.
Here are the things I've thought to look for:
system()
eval()
exec()
`` (backticks)
<*> (globbing)
glob()
s///e (eval an expression)
open("|")
unlink()
chmod()
chown()
link()
mkdir()
rename()
rmdir()
kill()
fork() (fork bomb)
flock() (denial of service?)
Is there an easy way to check for such dangerous commands?
"$code =~ s/#[^\n]\bbadcommand\b/s" seems too naive.
It seems like I remember hearing that newer Perls let you look at the parse
tree, which would probably be the best way to identify most of these
functions.
Thanks a lot,
David
--
Remove the capital letters in my address to reply via email. Sorry, but most
of my junkmail comes from addresses harvested from the newsgroups.
I'm also considerate enough to read replies on news. :)
------------------------------
Date: Fri, 24 Sep 1999 01:06:29 GMT
From: mgjv@comdyn.com.au (Martien Verbruggen)
Subject: Re: Validating unsafe code?
Message-Id: <p8AG3.151$fQ3.3535@nsw.nnrp.telstra.net>
In article <Pine.GSO.4.10.9909231947240.2790-100000@mamba.cs.virginia.edu>,
David Coppit <newspost@coppit.orgDIESPAM> writes:
>
> I'm sure this is a common problem, but I can't seem to find any good
> references on Deja.com... (Ick. I liked DejaNews much better...) Taint
Yeah. basically the same thing, but with a much improved and enhanced
interface... That sucks bananas.
> Basically, I'm trying to validate Perl modules that people send me,
> to make sure that they are well-formed and don't contain any
> dangerous commands that would nuke an unsuspecting user's machine.
Hmmm. That's a hard job. If you're looking for deliberate dangers,
you'll have no choice but to read every line of code. If you're
looking for programming booboos, or unsafe use of stuff, using taint
mode may be a way to go. Often making sure that -w and strict are in
effect can point out many potential problems as well.
> I don't need a perfect method, but at least one that can raise
> flags, and doesn't have any false negatives. If false negatives are
> impossible to avoid, at least this will help me when I do a manual
> inspection of the code.
false negatives? As in: I'm warning you that this is dangerous, but in
reality it's not? Or.. I'm not warning you about this, but it's really
dangerous?
I suspect you mean the second one. I don't think there is any way in
which you can avoid either of the two.
> Here are the things I've thought to look for:
>
> system()
> eval()
not inherently dangerous in perl, unless it contains any of the other
dangerous ones.
> exec()
> `` (backticks)
> <*> (globbing)
> glob()
> s///e (eval an expression)
> open("|")
There may be more dangerous possibilities. Anything that causes open
to invoke a shell.
You probably should also include open2, open3, The FileHandle and
IO::Handle stuff. although I am not sure that the latter two actually
can invoke danger. Careful inspection of the modules will show :)
You know that taint mode will warn for many of this stuff, right?
> unlink()
Not sure that this is dangerous, unless it tries to unlink something
stupid, like /etc/passwd. Don't run it as root, and you will know.
> chmod()
> chown()
> link()
> mkdir()
> rename()
> rmdir()
Not inherently dangerous. Like the above, these can only be inspected
for danger by inspecting the actual values that get passed to them..
> kill()
> fork() (fork bomb)
> flock() (denial of service?)
>
> Is there an easy way to check for such dangerous commands?
> "$code =~ s/#[^\n]\bbadcommand\b/s" seems too naive.
I don't think that I would recommend anyone using automated tools to
do this sort of checking. It's much too easy to fool those. Besides
that, most of the danger arrives in the actual values of the variable
being passed to these things (which is where taint mode comes in), not
in the command itself. Anything automatic will give you so many false
positive danger flags, that you might as well just have read the whole
code yourself.
> It seems like I remember hearing that newer Perls let you look at
> the parse tree, which would probably be the best way to identify
> most of these functions.
Yes. You could do something like that, but again, unless you 'untaint'
all the variables, which is probably impossible in a general case for
all of the things above, you won't be certain.
Some things you can do are: Run these things never as root. That way
damage gets limited. Run these things in a chroot jail. That way any
damage they do to the system is limited to a harmless file system. Run
these things on a non-critical system.
Maybe run them in the perl debugger, and see what goes on. Time
consuming, but potentially less so than reading all the code. if you
want to be very certain, do both.
Of course, the above bit only applies to unices. I don't know if you
can set up limited or 'safe' environments under other operating
systems.
> I'm also considerate enough to read replies on news. :)
I like to hear that :)
Summarising: I do not personally believe that there is a decent way of
checking. Things that help are perl's taint mode, the debugger, and
some standard unix environment issues. I doubt that you can write
anything that will actually save you any time.
Martien
--
Martien Verbruggen |
Interactive Media Division | "In a world without fences,
Commercial Dynamics Pty. Ltd. | who needs Gates?"
NSW, Australia |
------------------------------
Date: 16 Sep 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin)
Subject: Digest Administrivia (Last modified: 16 Sep 99)
Message-Id: <null>
Administrivia:
The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc. For subscription or unsubscription requests, send
the single line:
subscribe perl-users
or:
unsubscribe perl-users
to almanac@ruby.oce.orst.edu.
| NOTE: The mail to news gateway, and thus the ability to submit articles
| through this service to the newsgroup, has been removed. I do not have
| time to individually vet each article to make sure that someone isn't
| abusing the service, and I no longer have any desire to waste my time
| dealing with the campus admins when some fool complains to them about an
| article that has come through the gateway instead of complaining
| to the source.
To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.
To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.
For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.
------------------------------
End of Perl-Users Digest V9 Issue 895
*************************************
